Security and Firewall
The Chef Automate High Availability (HA) cluster requires multiple ports for the front and backend servers to operate effectively and reduce network traffic. Below is a breakdown of those ports and what needs to be open for each set of servers.
Ports required for all Machines
Machines | Chef Automate | Chef Infra Server | Postgresql | OpenSearch | Bastion |
---|---|---|---|---|---|
Incoming | TCP 22, 9631, 443, 80 | TCP 22, 9631, 443, 80 | TCP 22, 9631, 7432, 5432, 9683 UDP 9638 | TCP 22, 9631, 9200, 9300, 9638 UDP 9638 | |
Outgoing | TCP 22, 9631, 443, 80 | TCP 22, 9631, 443, 80 | TCP 22, 9631, 7432, 5432, 9683 UDP 9638 | TCP 22, 9631, 9200, 9300, 9638 UDP 9638 | TCP 22, 9631 |
Note
- Custom SSH port is supported, but same port should be used accross all the machines.
Port usage definitions
Protocol | Port Number | Usage |
---|---|---|
TCP | 22 | SSH to configure services |
TCP | 9631 | Habitat HTTP API |
TCP | 443 | Allow Users to reach UI / API |
TCP | 80 | Optional, Allows users to redirect to 443 |
TCP | 9200 | OpenSearch API HTTPS Access |
TCP | 9300 | Allows OpenSearch node to distribute data in its cluster. |
TCP/UDP | 9638 | Habitat gossip (UDP) |
TCP | 7432 | HAProxy, which redirects to Postgresql Leader |
Was this page helpful?